TransWikia.com

GHIDRA: How to load symbols from a text (map) file

Reverse Engineering Asked by Charlie Butterfield on December 28, 2020

I’m having trouble loading symbols for a very old Delphi-7 EXE. I posted a separate question regarding loading the DBG file symbols. Another approach would be to convert the debug symbols (available in a MAP text file) into some other text format and load it. I see references in the GHIDRA ticketing system to that sort of thing (e.g. here) but I cannot find those actions anywhere in my GHIDRA IDE.

Guidance about where in the GUI to locate those features (and the needed file format) would be greatly appreciated. Perhaps I need to install some optional component (I just unzipped GHIDRA 9.0.4 onto my Fedora-30 system).

Here is my related question.

debugging symbolsghidra

2 Answers

It's not certain that the particular map file you have is supported out of the box, but you should be able to use the Script Manager from the Window menu in Ghidra (in the Code Browser!).

A good start for your endeavor would likely be the Ghidra/Features/Python/ghidra_scripts/ImportSymbolsScript.py script aka ImportSymbolsScript (from the Script Manager).

The description of this script is:

ImportSymbolsScript.py

 Imports a file with lines in the form "symbolName 0xADDRESS"

Answered by 0xC0000022L on December 28, 2020

Wow that 'ImportSymbolsScript' helped. I 'turned down' that mapfile from

...
  Address         Publics by Value

 0001:0000       byte_0
 0001:001A       start
 0001:00D1       __nomain
 0001:00D8       _fclose
 0001:01DA       __fsopen
...

into:

0001:0000       byte_0
0001:001A       start
0001:00D1       __nomain
0001:00D8       _fclose
0001:01DA       __fsopen
0001:0214       _fopen
0001:0234       __close
...

... and modded ImportSymbolsScript.py in GHIDRA 'basic editor' like this:

# Imports a file with lines in the form "0xSEGMENT:0xADDRESS symbolName"
# @category Data
# @author 

f = "c:Tools!TempPortable_VB6Vs6sp6Bsetupsp6.map.txt"
  # f.askFile("Give me a file to open", "Go baby go!")

  # for line in file(f.absolutePath):  # note, cannot use open(), since that is in GhidraScript
for line in file(f):  # note, cannot use open(), since that is in GhidraScript

    pieces        = line.split()
    (segm,offset) = pieces[0].split(":")
    segm          = "1000" # dirty hack !!!
    address       = toAddr(long(segm + offset, 16))
    
    print "creating symbol", pieces[1], "at address", address
    createLabel( address, pieces[1], False )

Basically changes are:

  1. Changed the input order for pieces[]
  2. Added support for segment offset
  3. Hard coded file path for better workflow when modding/debugging the script (f = ...)
  4. Added that "1000" + part into toAddr() to simulate the need segment offset "1000:..."

Well it worked !!!

:)

BEFORE running the script:

enter image description here

AFTER:

enter image description here

Answered by Nadu on December 28, 2020

Add your own answers!

Ask a Question

Get help from others!

Recent Answers

Recent Questions

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP